Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 5757 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

is WAF is supported in bridge mode ?

agungw
Hi All,

Need you all expertise on this.

We have facing this issue for the past two weeks, our WAF seems not worked as it should.
Our WAF logs show nothing, even when i try to attack with some small SQL injection script or XSS [:S]. 

I'm running Astaro UTM ASG Software firmware version 9.105-9.
Our current setup is
Internet  Cisco Asa  Sophos UTM  Internal,
internal and Sophos UTM share the same gateway.

My question, is WAF is supported in bridge mode ?

Thanks in advance

Regards,
Agung


This thread was automatically locked due to age.
Parents
  • 0
    In fact, you don't need a second NAT, just different IPs for the Virtual Server and the Real Server.  There's no limitation requiring them to be in separate subnets.  For example, you could have a single interface with subnet 172.16.0.0/15 where you have Virtual Servers assigned IPs in 172.16.0.0/16 and Real Servers in 172.17.0.0/16.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    In fact, you don't need a second NAT, just different IPs for the Virtual Server and the Real Server.  There's no limitation requiring them to be in separate subnets.  For example, you could have a single interface with subnet 172.16.0.0/15 where you have Virtual Servers assigned IPs in 172.16.0.0/16 and Real Servers in 172.17.0.0/16.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Hi All,

    Just want to update and sorry for the late comeback.

    We change the topology based on this thread discussion, and it works !.

    The next is problem is some of our HTTP/SSL certificates that Sophos seems
    can't handle it.
    Think i'm going to search this forum first about this.

    Thank you
    Agung
Unfiltered HTML